Re: [openpgp] reviewing sample v5 certificate: can't validate internal signatures
Daniel Huigens <d.huigens@protonmail.com> Tue, 22 November 2022 19:56 UTC
Return-Path: <d.huigens@protonmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09FFDC15258C for <openpgp@ietfa.amsl.com>; Tue, 22 Nov 2022 11:56:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=protonmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WYIwAvb4xkVT for <openpgp@ietfa.amsl.com>; Tue, 22 Nov 2022 11:56:30 -0800 (PST)
Received: from mail-4322.protonmail.ch (mail-4322.protonmail.ch [185.70.43.22]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF3E2C15258A for <openpgp@ietf.org>; Tue, 22 Nov 2022 11:56:29 -0800 (PST)
Date: Tue, 22 Nov 2022 19:56:22 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1669146987; x=1669406187; bh=ZdajY/OKEnS4RNnecevgPW5MzbUaU4/qUa/ePkTaIx4=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=NG5aqRiBX+WC8WOcM4Ju3xAPoiX5yLXe0T1FPM/rxZAcsIb5zJfLXY9DrfTNILGaY Wy7/DJ/jjh0tceL1ev2ZSplIrXPh7tstJsjtQXtxz4sJrT9JIKdzlRPfKPu2vCOS9B JpbOdxlxOlCbXu3pY0CtoSb/BuyLQVT7opLVWRIpN5L2c5/ZbjTjGxRWUxa1WcX0OU vrSlWR4r3pNndjC5JsrPVzpQvJKkaDfrgm+RzqU9snSB6Hs0Ad8V/CspoR8mPUVCQo zSfksFh5gv3MlocP6jIHkxU3fNczxhiGmWI8HgcRggdnu4PaH+BGXv+MhRw1ulimAT 1dKilJNufclkw==
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: openpgp@ietf.org
Message-ID: <d00SL5PjvNYlsflHLLYPyh1E_JPpIUltjQCBB4HyeITSpCR8_g-4jNZsYJPUf2CZVrkaicEesXZNFf1UDe8-z9z48IR1FGGZIObq2ZHpsfE=@protonmail.com>
In-Reply-To: <87sfifzp3a.fsf@fifthhorseman.net>
References: <87sfifzp3a.fsf@fifthhorseman.net>
Feedback-ID: 2934448:user:proton
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/um8tXnka5ocYiLByiXl16TYfEEU>
Subject: Re: [openpgp] reviewing sample v5 certificate: can't validate internal signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Nov 2022 19:56:34 -0000
Hey dkg, Since I generated them, I can also validate them, though it doesn't prove much :P The values we hash are: a) 903c95635b81783d573f3271965690019a00000037056220d057160000002d092b06010401da470f01010740b550fd420bde0a2af2da98c8086ac75f401b9607b8cc801e308e4f252954ab51051f160a0000002305026220d0570315080a0416000201021b03021e090d2709030703090107010902070205ff000000000000002b b) 5222aad2131c7b739aba14d74930a6559a00000037056220d057160000002d092b06010401da470f01010740b550fd420bde0a2af2da98c8086ac75f401b9607b8cc801e308e4f252954ab519a0000003c056220d05712000000320a2b060104019755010501010740ec2ae8314d049db9cfc67f58a440f760469700509df267198045ee13c1325d7f03010807051816080000000905026220d057021b0c05ff0000000000000011 One difference I found is in the serialized (v5) key packet, where I think you're missing the "four-octet scalar octet count for the following public key material" that's new for v5 key packets. However, there are some other differences as well, that I haven't investigated yet, maybe we're doing something wrong as well. Let me know if you happen to spot something, otherwise I'll look into it more tomorrow. Thanks for checking them, in either case! Best, Daniel P.S. It's a bit weird that we used SHA512 for one and SHA256 for the other, indeed. It seems there's some missing code for the subkey binding signature to use the preferred hash algorithm, which I set to SHA512 when generating that key, so it used the default hash for the curve, SHA256. We'll have to fix that too.
- [openpgp] reviewing sample v5 certificate: can't … Daniel Kahn Gillmor
- Re: [openpgp] reviewing sample v5 certificate: ca… Daniel Huigens
- Re: [openpgp] reviewing sample v5 certificate: ca… Daniel Kahn Gillmor
- Re: [openpgp] reviewing sample v5 certificate: ca… Paul Wouters
- Re: [openpgp] reviewing sample v5 certificate: ca… Daniel Huigens
- [openpgp] OpenPGP sample artifacts [was: Re: revi… Daniel Kahn Gillmor